How to Setup Prometheus Monitoring On Kubernetes Cluster

kubernetes design 3 min

This article will guide you through setting up Prometheus on a Kubernetes cluster for monitoring the Kubernetes cluster. This setup collects node, pods, and services metrics automatically using Prometheus service discovery configurations.

About Prometheus

Prometheus is an open-source monitoring framework. It provides out-of-the-box monitoring capabilities for the Kubernetes container orchestration platform.

Explaining Prometheus is out of the scope of this article. If you want to know more about Prometheus, You can watch all the Prometheus-related videos from here. However, there are few key points I would like to list for your reference.

  1. Metric Collection: Prometheus uses the pull model to retrieve metrics over HTTP. There is an option to push metrics to Prometheus using Pushgateway for use cases where Prometheus cannot Scrape the metrics. One such example is collecting custom metrics from short-lived kubernetes jobs & Cronjobs
  2. Metric Endpoint: The systems that you want to monitor using Prometheus should expose the metrics on an /metrics endpoint. Prometheus uses this endpoint to pull the metrics in regular intervals.
  3. PromQL: Prometheus comes with PromQL, a very flexible query language that can be used to query the metrics in the Prometheus dashboard. Also, the PromQL query will be used by Prometheus UI and Grafana to visualize metrics.
  4. Prometheus Exporters: Exporters are libraries which converts existing metric from third-party apps to Prometheus metrics format. There are many official and community Prometheus exporters . One example is, Prometheus node exporter. It exposes all Linux system-level metrics in Prometheus format.
  5. TSDB (time-series database): Prometheus uses TSDB for storing all the data. By default, all the data gets stored locally. However, there are options to integrate remote storage for Prometheus TSDB.

Prometheus Architecture

Here is the high-level architecture of Prometheus.

Prometheus Kubernetes Architecture
source: prometheus.io

If you would like to install Prometheus on a Linux VM, please see the Prometheus on Linux guide.

Prometheus Monitoring Setup on Kubernetes

I assume that you have a kubernetes cluster up and running with kubectl setup on your workstation.

Note: If you don’t have a kubernetes setup, you can set up a cluster on google cloud by following this article.

Latest Prometheus is available as a docker image in its official docker hub account. We will use that image for the setup.

devops learning

Connect to the Kubernetes Cluster

Connect to your Kubernetes cluster and make sure you have admin privileges to create cluster roles.

Only for GKE: If you are using Google cloud GKE, you need to run the following commands as you need privileges to create cluster roles for this Prometheus setup.

ACCOUNT=$(gcloud info --format='value(config.account)')
kubectl create clusterrolebinding owner-cluster-admin-binding \
    --clusterrole cluster-admin \
    --user $ACCOUNT

Prometheus Kubernetes Manifest Files

All the configuration files I mentioned in this guide are hosted on Github. You can clone the repo using the following command.

git clone https://github.com/bibinwilson/kubernetes-prometheus

Thanks to James for contributing to this repo. Please don’t hesitate to contribute to the repo for adding features.

You can use the Github repo config files or create the files on the go for a better understanding, as mentioned in the steps.

Let’s get started with the setup.

Create a Namespace & ClusterRole

First, we will create a Kubernetes namespace for all our monitoring components. If you don’t create a dedicated namespace, all the Prometheus kubernetes deployment objects get deployed on the default namespace.

Execute the following command to create a new namespace named monitoring.

kubectl create namespace monitoring

Prometheus uses Kubernetes APIs to read all the available metrics from Nodes, Pods, Deployments, etc. For this reason, we need to create an RBAC policy with read access to required API groups and bind the policy to the monitoring namespace.

Step 1: Create a file named clusterRole.yaml and copy the following RBAC role.

In the role, given below, you can see that we have added get, list, and watch permissions to nodes, services endpoints, pods, and ingresses. The role binding is bound to the monitoring namespace. If you have any use case to retrieve metrics from any other object, you need to add that in this cluster role.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: default
  namespace: monitoring

Step 2: Create the role using the following command.

kubectl create -f clusterRole.yaml

Create a Config Map To Externalize Prometheus Configurations

All configurations for Prometheus are part of prometheus.yaml file and all the alert rules for Alertmanager are configured in prometheus.rules.

  1. prometheus.yaml: This is the main Prometheus configuration which holds all the scrape configs, service discovery details, storage locations, data retention configs, etc)
  2. prometheus.rules: This file contains all the Prometheus alerting rules

By externalizing Prometheus configs to a Kubernetes config map, you don’t have to build the Prometheus image whenever you need to add or remove a configuration. You need to update the config map and restart the Prometheus pods to apply the new configuration.

The config map with all the Prometheus scrape config and alerting rules gets mounted to the Prometheus container in /etc/prometheus location as prometheus.yaml and prometheus.rules files.

Step 1: Create a file called config-map.yaml and copy the file contents from this link –> Prometheus Config File.

Step 2: Execute the following command to create the config map in Kubernetes.

kubectl create -f config-map.yaml

It creates two files inside the container.

Note: In Prometheus terms, the config for collecting metrics from a collection of endpoints is called a job.

The prometheus.yaml contains all the configurations to discover pods and services running in the Kubernetes cluster dynamically. We have the following scrape jobs in our Prometheus scrape configuration.

  1. kubernetes-apiservers: It gets all the metrics from the API servers.
  2. kubernetes-nodes: It collects all the kubernetes node metrics.
  3. kubernetes-pods: All the pod metrics get discovered if the pod metadata is annotated with prometheus.io/scrape and prometheus.io/port annotations.
  4. kubernetes-cadvisor: Collects all cAdvisor metrics.
  5. kubernetes-service-endpoints: All the Service endpoints are scrapped if the service metadata is annotated with prometheus.io/scrape and prometheus.io/port annotations. It can be used for black-box monitoring.

prometheus.rules contains all the alert rules for sending alerts to the Alertmanager.

Create a Prometheus Deployment

Step 1: Create a file named prometheus-deployment.yaml and copy the following contents onto the file. In this configuration, we are mounting the Prometheus config map as a file inside /etc/prometheus as explained in the previous section.

Note: This deployment uses the latest official Prometheus image from the docker hub. Also, we are not using any persistent storage volumes for Prometheus storage as it is a basic setup. When setting up Prometheus for production uses cases, make sure you add persistent storage to the deployment.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-deployment
  namespace: monitoring
  labels:
    app: prometheus-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus-server
  template:
    metadata:
      labels:
        app: prometheus-server
    spec:
      containers:
        - name: prometheus
          image: prom/prometheus
          args:
            - "--storage.tsdb.retention.time=12h"
            - "--config.file=/etc/prometheus/prometheus.yml"
            - "--storage.tsdb.path=/prometheus/"
          ports:
            - containerPort: 9090
          resources:
            requests:
              cpu: 500m
              memory: 500M
            limits:
              cpu: 1
              memory: 1Gi
          volumeMounts:
            - name: prometheus-config-volume
              mountPath: /etc/prometheus/
            - name: prometheus-storage-volume
              mountPath: /prometheus/
      volumes:
        - name: prometheus-config-volume
          configMap:
            defaultMode: 420
            name: prometheus-server-conf
  
        - name: prometheus-storage-volume
          emptyDir: {}

You Might Like: Kubernetes Deployment Tutorial For Beginners

Step 2: Create a deployment on monitoring namespace using the above file.

kubectl create  -f prometheus-deployment.yaml 

Step 3: You can check the created deployment using the following command.

kubectl get deployments --namespace=monitoring

You can also get details from the kubernetes dashboard like shown below.

prometheus on kubernetes

Setting Up Kube State Metrics

Kube state metrics service will provide many metrics which is not available by default. Please make sure you deploy Kube state metrics to monitor all your kubernetes API objects like deployments, pods, jobs, cronjobs etc..

Please follow this article to setup Kube state metrics on kubernetes ==> How To Setup Kube State Metrics on Kubernetes

Connecting To Prometheus Dashboard

You can view the deployed Prometheus dashboard in three different ways.

  1. Using Kubectl port forwarding
  2. Exposing the Prometheus deployment as a service with NodePort or a Load Balancer.
  3. Adding an Ingress object if you have an Ingress controller deployed.

Let’s have a look at all three options.

Using Kubectl port forwarding

Using kubectl port forwarding, you can access a pod from your local workstation using a selected port on your localhost. This method is primarily used for debugging purposes.

Step 1: First, get the Prometheus pod name.

kubectl get pods --namespace=monitoring

The output will look like the following.

➜  kubectl get pods --namespace=monitoring
NAME                                     READY     STATUS    RESTARTS   AGE
prometheus-monitoring-3331088907-hm5n1   1/1       Running   0          5m

Step 2: Execute the following command with your pod name to access Prometheus from localhost port 8080.

Note: Replace prometheus-monitoring-3331088907-hm5n1 with your pod name.

kubectl port-forward prometheus-monitoring-3331088907-hm5n1 8080:9090 -n monitoring

Step 3: Now, if you access http://localhost:8080 on your browser, you will get the Prometheus home page.

Exposing Prometheus as a Service [NodePort & LoadBalancer]

To access the Prometheus dashboard over a IP or a DNS name, you need to expose it as Kubernetes service.

Step 1: Create a file named prometheus-service.yaml and copy the following contents. We will expose Prometheus on all kubernetes node IP’s on port 30000.

Note: If you are on AWS, Azure, or Google Cloud, You can use Loadbalancer type, which will create a load balancer and automatically points it to the Kubernetes service endpoint.

apiVersion: v1
kind: Service
metadata:
  name: prometheus-service
  namespace: monitoring
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/port:   '9090'
spec:
  selector: 
    app: prometheus-server
  type: NodePort  
  ports:
    - port: 8080
      targetPort: 9090 
      nodePort: 30000

The annotations in the above service YAML makes sure that the service endpoint is scrapped by Prometheus. The prometheus.io/port should always be the target port mentioned in service YAML

Step 2: Create the service using the following command.

kubectl create -f prometheus-service.yaml --namespace=monitoring

Step 3: Once created, you can access the Prometheus dashboard using any of the Kubernetes nodes IP on port 30000. If you are on the cloud, make sure you have the right firewall rules to access port 30000 from your workstation.

Screen Shot 2017 10 11 at 12.15.57 PM

Step 4: Now if you browse to status --> Targets, you will see all the Kubernetes endpoints connected to Prometheus automatically using service discovery as shown below.

prometheus kubernetes target configuration

Step 5: You can head over the homepage and select the metrics you need from the drop-down and get the graph for the time range you mention. An example graph for container memory utilization is shown below.

prometheus kubernetes metrics

Exposing Prometheus Using Ingress

If you have an existing ingress controller setup, you can create an ingress object to route the Prometheus DNS to the Prometheus backend service.

Also, you can add SSL for Prometheus in the ingress layer.

Here is a sample ingress object. Please refer to this GitHub link for sample ingress object with SSL

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: prometheus-ui
  namespace: monitoring
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  # Use the host you used in your kubernetes Ingress Configurations
  - host: prometheus.example.com
    http:
      paths:
      - backend:
          serviceName: prometheus-service
          servicePort: 8080

Setting Up Alertmanager

Alertmanager handles all the alerting mechanism for Prometheus metrics. There are many integrations available to reveice alerts from the Alertmanager (Slack, email, API endpoints etc)

I have covered the Alert Manager setup in a separate article. Please follow ==> Alert Manager Setup on Kubernetes

Setting Up Grafana

Using Grafana you can create dashboards from Prometheus metrics to monitor the kubernetes cluster.

The best part is, you don’t have to write all the PromQL queries for the dashboards. There are many community dashboard templates available for Kubernetes. You can import it and modify it as per your needs.

Please follow this article for the Grafana setup ==> How To Setup Grafana On Kubernetes

Setting Up Node Exporter

Node Exporter will provide all the Linux system-level metrics of all Kubernetes nodes.

I have written a separate step-by-step guide on node-exporter daemonset deployment. Please follow Setting up Node Exporter on Kubernetes

The scrape config for node-exporter is part of the Prometheus config map. Once you deploy the node-exporter, you should see node-exporter targets and metrics in Prometheus.

Conclusion

In this article, I have covered the setup of important monitoring components for Kubernetes.

For production setup, there are more configuration and parameters need to be considered for scaling and storage. It all depends on your environment and data volume.

Let me know what you think about the Prometheus monitoring setup by leaving a comment.

27 Shares:
57 comments
  1. Hey,

    I’m trying to get Prometheus to work using an Ingress object.
    However, I’m not sure I fully understand what I need in order to make it work.

    My setup:
    Raspberry pi running k3s.
    I installed MetalLB as a LB solution, and pointing it towards an Nginx Ingress Controller LB service.
    I tried exposing Prometheus using an Ingress object, but I think I’m missing something here: do I need to create a Prometheus service as well?
    Right now for Prometheus I have: Deployment (Server) and Ingress.

    Looking at the Ingress configuration I can see it is pointing to a “prometheus-service”, but I do not have any Prometheus Service – should I create it?
    If so, what would be the configuration?

    Thanks,
    Daniel

    1. Hi Daniel,

      Yes, you have to create a service. Ingress object is just a rule. Your ingress controller can talk to the Prometheus pod through the Prometheus service.

    1. Hi Mohit,

      There is one blog post in the pipeline for Prometheus production-ready setup and consideration.

  2. Hi there, is there any way to monitor kubernetes cluster B from kubernetes cluster A for example: prometheus and grafana pods are running inside my cluster A and I have cluster B and I want to monitor it from cluster A. How we can achieve that?

    1. Hi Bhavishya,

      You can have Grafana monitor both clusters. You need to have Prometheus setup on both the clusters to scrape metrics and in Grafana you can add both the Prometheus endpoint as data courses. You can monitor both clusters in single grain dashboards.

      Also, look into Thanos https://thanos.io/

  3. Just want to thank you for the great tutorial I’ve ever seen.
    I successfully setup grafana on my k8s. 🙂

    Thanks
    Kevin Su

  4. Thanks for this, worked great. I only needed to change the deployment YAML.

    — From —

    apiVersion: extensions/v1beta1
    ...
      template:
        metadata:
          labels:
            app: prometheus-server
    

    — To —

    apiVersion: apps/v1
    ...
      selector:
        matchLabels:
          app: alertmanager
      template:
        metadata:
          name: alertmanager
          labels:
            app: alertmanager
    
    1. Thanks, John for the update. We changed it in the article. Actually, the referred Github repo in the article has all the updated deployment files.

  5. why i have also the cadvisor metric for example the node_cpu not present in the list thx

  6. can we create normal roles instead of cluster roles to restrict for a namespace and if we change how can use nonResourceURLs: [“/metrics”] because it throws error like nonresource url not allowed under namescope.

  7. It should state the prerequisites. I am running windows – in the yaml file I see
    args:
    – “–config.file=/etc/prometheus/prometheus.yml”
    – “–storage.tsdb.path=/prometheus/”

    how do you get this?

  8. didnt get where the values __meta_kubernetes_node_name come from , can u point me to how to write these files themselves ( sorry beginner here ) , do we need to install cAdvisor to the collect before doing the setup . also can u explain how to scrape memory related stuff and show them in prometheus plz
    thanks in advance ,
    Arjun

  9. Running through this and getting the following error/s:

    Warning FailedMount 41s (x8 over 105s) kubelet, hostname MountVolume.SetUp failed for volume “prometheus-config-volume” : configmap “prometheus-server-conf” not found

    Warning FailedMount 66s (x2 over 3m20s) kubelet, hostname Unable to mount volumes for pod “prometheus-deployment-7c878596ff-6pl9b_monitoring(fc791ee2-17e9-11e9-a1bf-180373ed6159)”: timeout expired waiting for volumes to attach or mount for pod “monitoring”/”prometheus-deployment-7c878596ff-6pl9b”. list of unmounted volumes=[prometheus-config-volume]. list of unattached volumes=[prometheus-config-volume prometheus-storage-volume default-token-9699c]

    Anyone run into this when creating this deployment?

  10. great article, worked like magic!
    under the note part you can add Azure as well along side AWS and GCP 🙂

  11. On Aws when we expose service to Load Balancer it is creating ELB. Does it support Application Load Balancer if so what changes should i do in service.yaml file.

  12. kubernetes-service-endpoints is showing down. Using “Exposing Prometheus As A Service” example, e.g. NodePort. The endpoint showing under targets is: http://172.17.0.7:8080/. Using the annotations:
    prometheus.io/scrape: ‘true’
    prometheus.io/path: /
    prometheus.io/port: ‘8080’

  13. Thanks for the article! I can get the prometheus web ui using port forwarding, but for exposing as a service, what do you mean by kubernetes node IP? How do I find it?

  14. Hari Krishnan, the way I did to expose prometheus is change the prometheus-service.yaml NodePort to LoadBalancer, and that’s all.

    But i’m using AWS.

  15. Hello Sir, I am currently exploring the Prometheus to monitor k8s cluster. I would like to know how to Exposing Prometheus As A Service with external IP, you please guide me..
    kubernetes-service-endpoints is showing down when I try to access from external IP. I believe we need to modify in configmap.yaml file, but not sure what need to make change. Need your help on that.

  16. Hi ,
    Thanks to your artical was able to set prometheus. can you post the next article soon. for alert configuration. waiting…!!!

  17. Hi – I’m getting the following error

    From the k8s log

    parsing YAML file /etc/prometheus/prometheus.yml: yaml: line 58: mapping values are not allowed in this context”

    prometheus-deployment-79c7cf44fc-p2jqt 0/1 CrashLoopBackOff

    Could you help me with this ?

    Thanks in advance

  18. Hi does anyone know when the next article is? I need to set up Alert manager and alert rules to route to a web hook receiver. If anyone has attempted this with the config-map.yaml given above could they let me know please?

    Thanks in advance!

  19. When I run ./kubectl get pods –namespace=monitoring I also get the following:

    NAME READY STATUS RESTARTS AGE
    prometheus-deployment-5cfdf8f756-mpctk 1/1 Running 0 1d

    When this article tells me I should be getting

    prometheus-monitoring-xxxxxxxxx-xxxx

    Could you please advise on this?
    Then when I run this command – kubectl port-forward prometheus-deployment-5cfdf8f756-mpctk 8080:9090 I get the following

    Error from server (NotFound): pods “prometheus-deployment-5cfdf8f756-mpctk” not found

    Could someone please help?
    Many thanks in advance

    1. You need to specificate the namespace.

      Try
      kubectl port-forward prometheus-deployment-5cfdf8f756-mpctk 8080:9090 -n monitoring
      (if the namespace is called “monitoring”)

  20. Appreciate the article, it really helped me get it up and running. I do have a question though. Where did you get the contents for the config-map and the Prometheus deployment files. Is this something Prometheus provides? I have no other pods running in my monitoring namespace and can find no way to get Prometheus to see the pods in other namespaces. I went ahead and changed the namespace parameters in the files to match namespaces I had but I was just curious. Thanks

    1. Hi Joshua, I think I am having the same problem as you. Where did you update your service account in, the prometheus-deployment.yaml file? Also what parameters did you change to pick of the pods in the other namespaces?

      Thanks in advance

    1. Same situation here Vlad.
      My application’s namespace is DEFAULT. Do I need to change something?

  21. Nice article. There is a Syntax change for command line arguments in the recent Prometheus build, it should two minus ( — ) symbols before the argument not one.

  22. Nice article. There is a Syntax change for command line arguments in the recent Prometheus build, it should two minus ( — ) symbols before the argument not one.

  23. Thanks for the tutorial.
    Looks like the arguments need to be changed from
    “-config.file=/etc/prometheus/prometheus.yml”
    and
    “-storage.local.path=/prometheus/”

    to

    “–config.file=/etc/prometheus/prometheus.yml”
    “–storage.tsdb.path=/prometheus/”

    Thank again!

  24. Thanks a Ton !! I am new to Kubernetes and while Exposing Prometheus As A Service i am not getting external IP for it. My Graphana dashboard cant consume localhost. Can you please guide me how to Exposing Prometheus As A Service with external IP.

    Thanks
    Alok

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like